Skip to content

⛳️ PASS: Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

Notifications You must be signed in to change notification settings

Ditectrev/Microsoft-SC-900-Microsoft-Security-Compliance-and-Identity-Fundamentals-Practice-Tests-Exams-QA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 

Repository files navigation

⬆️ Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Practice Tests Exams Questions & Answers

Promotional image

Udemy & shop.ditectrev.com

❣️ Please support us by purchasing this course on Udemy in an interactive version with the discounted link. If you're working for a company, you could most probably easily claim this expense during preparation for your exam. For us, it's to be, or not to be, in the game.

🛍️ Alternatively, you can buy the PDF with those questions on shop.ditectrev.com.

✨ This course is unlike any Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) course you will find online.

✋ Join a live online community and a course taught by industry experts and pass the Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) confidently. We aim to build an ecosystem of Information Technology (IT) certifications and online courses in cooperation with the technology industry. We believe it will give our students 100% confidence in the pacing market in an open-source environment. We are just at the beginning of our way, so it's even better for you to join now!

Join our Discord

⌛️ Short and to the point; why should you take the course:

  1. Always happy to answer your questions on Udemy's Q&A's and outside :)
  2. Failed? Please submit a screenshot of your exam result and request a refund (via our upcoming platform, not possible on Udemy); we'll always accept it.
  3. Learn about topics, such as:
    • Azure Active Directory (Azure AD);
    • Azure Bastion;
    • Azure Defender;
    • Azure Firewall;
    • Azure Policy;
    • Azure Security Center;
    • Conditional Access Policies;
    • Microsoft Cloud App Security;
    • Microsoft 365 Compliance Center;
    • Microsoft Defender;
    • Multi-Factor Authentication (MFA);
    • Privileged Identity Management (PIM);
    • Much More!
  4. Questions are similar to the actual exam, without duplications (like in other courses ;-)).
  5. The Practice Tests Exams simulate the actual exam's content, timing, and percentage required to pass the exam.
  6. This course is not an Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Exam Dump. Some people use brain dumps or exam dumps, but that's absurd, which we don't practice.
  7. 211 unique questions.

☝️ Course Updates

v1.0.0: June 28, 2024.

  • Launch of the course.

v1.0.0: July 26, 2024.

  • AI-generated explanations (only paid Udemy).

🙋‍♀️ & 🙋‍♂️ Contribution

We are so thankful for every contribution, which makes sure we can deliver top-notch content. Whenever you find a missing resource, broken link in a Table of Contents, the wrong answer, please submit an issue. Even better would be a Pull Request (PR).

Who this course is for:

  • 👨‍🎓 Students preparing for the Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Exam;
  • 👨‍🎓 AWS Engineers;
  • 👨‍🎓 Azure Engineers;
  • 👨‍🎓 Cloud Architects;
  • 👨‍🎓 Cloud Engineers;
  • 👨‍🎓 DevOps Engineers;
  • 👨‍🎓 Enterprise Architects;
  • 👨‍🎓 Google Cloud Platform (GCP) Engineers;
  • 👨‍🎓 Infrastructure Engineers;
  • 👨‍🎓 IT Professionals;
  • 👨‍🎓 Lead Engineers;
  • 👨‍🎓 Network Engineers;
  • 👨‍🎓 Product Architects;
  • 👨‍🎓 Product Managers;
  • 👨‍🎓 Product Owners;
  • 👨‍🎓 Project Managers;
  • 👨‍🎓 Scrum Masters;
  • 👨‍🎓 Security Specialists;
  • 👨‍🎓 Site Reliability Engineers;
  • 👨‍🎓 Software Developers/Engineers;
  • 👨‍🎓 Software Testers;
  • 👨‍🎓 Solution Architects;
  • 👨‍🎓 Team Leaders.

Requirements

  • 🤩 Excitement to learn!
  • 0️⃣ Prior knowledge is required;
  • ✅ You can pass the Microsoft SC-900 (Microsoft Security, Compliance, and Identity Fundamentals) Exam solely based on our Practice Tests Exams.

Table of Contents

No. Questions
1 Conditional access policies always enforce the user of multi-factor authentication (MFA).
2 Conditional access policies can be used to block access to an application based on the location of the user.
3 Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices.
4 [...] is used to identify, hold, and export electronic information that might be used in an investigation.
5 Microsoft Defender for Endpoint can protect Android devices.
6 Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10.
7 Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses.
8 What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?
9 Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?
10 You can add a resource lock to an Azure subscription.
11 You can add only one resource lock to an Azure resource.
12 You can delete a resource group containing resources that have resources locks.
13 Azure Defender can detect vulnerabilities and threats for Azure Storage.
14 Cloud Security Posture Management (CSPM) is available for all Azure subscriptions.
15 Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises.
16 In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
17 Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?
18 You can use [...] in the Microsoft 365 security center to identify devices that are affected by an alert.
19 When users sign in to the Azure portal, they are first [...].
20 You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?
21 Compliance Manager assesses compliance data [...] for an organization.
22 What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?
23 Digitally signing a document requires a private key.
24 Verifying the authenticity of a digitally signed document requires the public key of the signer.
25 Verifying the authenticity of a digitally signed document requires the private key of the signer.
26 In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?
27 What can you use to provide a user with a two-hour window to complete an administrative task in Azure?
28 Applying system updates increases an organization's secure score in Azure Security Center.
29 The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions.
30 Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center.
31 [...] enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guest in the directory.
32 Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?
33 What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?
34 What is the purpose of Azure Active Directory (Azure AD) Password Protection?
35 Network security groups (NSGs) can deny inbound traffic from the internet.
36 Network security groups (NSGs) can deny outbound traffic to the internet.
37 Network security groups (NSGs) can filter traffic based on IP address, protocol, and port.
38 What is an example of encryption at rest?
39 Azure DDoS Protection Standard can be used to protect [...].
40 Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)?
41 Which Microsoft 365 Compliance Center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?
42 You can use the insider risk management solution to detect phising scams.
43 You can access the insider risk management solution from the Microsoft 365 Compliance Center.
44 You can use the insider risk management solution to detect data leaks by unhappy employees.
45 What are two capabilities of Microsoft Defender for Endpoint?
46 Microsoft Intune can be used to manage Android devices.
47 Microsoft Intune can be used to provision Azure subscriptions.
48 Microsoft Intune can be used to manage organization-owned devices and personal devices.
49 Compliance Manager tracks only customer-managed controls.
50 Compliance Manager provides predefined templates for creating assessments.
51 Compliance Manager can help you asses whether data adheres to specific data protection standards.
52 Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365?
53 [...] requires additional verification, such as a verification code sent to a mobile phone.
54 With Advanced Audit in Microsoft 365, you can identify when email items were accessed.
55 Advenced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing.
56 Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data.
57 [...] provides a central location for managing information protection, information governance, and data loss prevention (DLP) policies.
58 Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?
59 In Azure Sentinel, you can automate common tasks by using [...].
60 All Azure active Directory (Azure AD) license editions include the same features.
61 You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal.
62 You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant.
63 Azure Active Directory (Azure AD) is [...] used for authentication and authorization.
64 [...] can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, SharePoint Online, and OneDrive for Business.
65 What do you use to provide real-time integration between Azure Sentinel and another security source?
66 You can create custom roles in Azure Active Directory (Azure AD).
67 Global administrator is a role in Azure Active Directory (Azure AD).
68 An Azure Active Directory (Azure AD) user can be assigned only one role.
69 Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users' risk level.
70 Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public.
71 Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user's risk level.
72 Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?
73 Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?
74 In software as a service (SaaS), applying service packs to applications is the responsibility of the organization.
75 In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider.
76 In all Azure Cloud deployment types, managing the security of information and data is the responsibility of the organization.
77 Applications registered in Azure Active Directory (Azure AD) are associated automatically to a [...].
78 [...] is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.
79 [...] a file makes the data in the file readable and usable to viewers that have the appropriate key.
80 Sensitivity labels can be used to encrypt documents.
81 Sensitivity labels can add headers and footers to documents.
82 Sensitivity labels can apply watermarks to emails.
83 [...] is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.
84 Azure Policy supports automatic remediation.
85 Azure Policy can be used to ensure that new resources adhere to corporate standards.
86 Compliance evaluation in Azure Policy occurs only when a target resource is created or modified.
87 Federation is used to establish [...] between organizations.
88 [...] provides Network Address Translation (NAT) services.
89 [...] provides secure and seamless Remote Desktop connectivity to Azure virtual machines.
90 [...] provides provides traffic filtering that can be applied to specific network interfaces on a virtual network.
91 Conditional access policies can use the device state as a signal.
92 Conditional access policies apply before first-factor authentication is complete.
93 Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application.
94 Azure AD Identity Protection can add users to groups based on the users' risk level.
95 Azure AD Identity Protection can detect whether user credentials were leaked to the public.
96 Azure AD Identity Protection can be used to invoke Multi-Factor Authentication based on the users' risk level.
97 Security defaults require an Azure Active Directory (Azure AD) Premium license.
98 Security defaults can be enabled for a single Azure Active Directory (Azure AD) user.
99 When Security defaults are enabled, all administrators must use multi-factor authentication (MFA).
100 Control is a key privacy principle of Microsoft.
101 Transparency is a key principle of Microsoft.
102 Shared responsibility a key principle of Microsoft.
103 What should you use to ensure that the members of an Azure Active Directory group use multi-factor authentication (MFA) when they sign in?
104 Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage.
105 Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises.
106 [...] provides benchmark recommendations and guidance for protecting Azure services.
107 Which two Azure resources can a network security group (NSG) be associated with?
108 Azure AD Connect can be used to implement hybrid identity.
109 Hybrid identity requires the implementation of two Microsoft 365 tenants.
110 Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD).
111 Match the types of compliance score actions to the appropriate tasks. [...] Use encryption to protect data at rest.
112 Match the types of compliance score actions to the appropriate tasks. [...] Actively monitor systems to identify irregularities that might represent risks.
113 You can use the insider risk management solution to detect phishing scams.
114 To which type of resource can Azure Bastion provide secure access?
115 Conditional access policies always enforce the use of multi-factor authentication (MFA).
116 What can you protect by using the information protection solution in the Microsoft 365 Compliance Center?
117 Microsoft Sentinel [...] use Azure Logic Apps to automate and orchestrate responses to alerts.
118 What are three uses of Microsoft Cloud App Security?
119 Azure Active Directory (Azure AD) is deployed to an on premises environment.
120 Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription.
121 Azure Active Directory (Azure AD) is an identity and access management service.
122 Which service should you use to view your Azure secure score?
123 Which two types of resources can be protected by using Azure Firewall?
124 What can you use to provide threat detection for Azure SQL Managed Instance?
125 [...] can use conditional access policies to control sessions in real time.
126 Compliance Manager can be directly accessed from the [...].
127 Compliance Manager can be directly accessed from the [...].
128 In a Core eDiscovery workflow, what should you do before you can search for content?
129 Microsoft Secure Score in the Microsoft 365 security center can provide o recommendations for Microsoft Cloud App Security.
130 From the Microsoft 365 security center, you can view how your Microsoft Secure Score compares to the score of organizations like yours.
131 Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software.
132 Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?
133 Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?
134 Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for Standardization (ISO)?
135 What can you use to provision Azure resources across multiple subscriptions in a consistent manner?
136 When you enable security defaults in Azure Active Directory (Azure AD), [...] will be enabled for all Azure AD users.
137 [...] provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.
138 You can manage Microsoft Intune by using the
139 Verify explicitly is one of the guiding principles of Zero Trust.
140 Assume breach is one of the guiding principles of Zero Trust.
141 The Zero Trust security model assumes that a firewall secures the internal network from external threats.
142 [...] is the process of identifying whether a signed-in user can access a specific resource.
143 Which three statements accurately describe the guiding principles of Zero Trust?
144 A higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 tenant.
145 Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance.
146 In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?
147 With Windows Hello for Business, a user's biometric data used for authentication
148 Microsoft Defender for Identity can identify advanced threats from [...] signals.
149 Which three authentication methods does Windows Hello for Business support?
150 You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use?
151 Global administrators are exempt from conditional access policies.
152 A conditional access policy can add users to Azure Active Directory (Azure AD) roles.
153 Conditional access policies can force the use of multi-factor authentication (MFA) to access cloud apps.
154 When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced?
155 Which type of identity is created when you register an application with Active Directory (Azure AD)?
156 Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection?
157 When using multi-factor authentication (MFA), a password is considered something you [...].
158 Windows Hello for Business can use the Microsoft Authenticator app as an authentication method.
159 Windows Hello for Business can use a PIN code as an authentication method.
160 Windows Hello for Business authentication information syncs across all the devices registered by a user.
161 An Azure resource can use a system-assigned [...] to access Azure services.
162 You can use [...] in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack.
163 You can create one Azure Bastion per virtual network.
164 Azure Bastion provides secure user connections by using RDP.
165 In Microsoft Sentinel, you can automate common tasks by using [...]
166 Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?
167 What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?
168 You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the unified audit log and Basic Audit. For how long will the audit records be retained?
169 In the Microsoft 365 Defender portal, an incident is a collection of correlated [...].
170 You need to connect to an Azure virtual machine by using Azure Bastion. What should you use?
171 Which service includes the Attack simulation training feature?
172 Which type of alert can you manage from the Microsoft 365 Defender portal?
173 Microsoft Sentinel data connectors support only Microsoft services.
174 You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel.
175 Hunting provides you with the ability to identify security threats before an alert is triggered.
176 What is a use case for implementing information barrier policies in Microsoft 365?
177 What can you use to deploy Azure resources across multiple subscriptions in a consistent manner?
178 Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, your storage, and more
179 Cloud security posture management (CSPM) is available for free to all Azure users.
180 Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
181 Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.
182 Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription.
183 Azure Bastion provides a secure connection to an Azure virtual machine by using the Azure portal.
184 Applying system updates increases an organization's secure score in Microsoft Defender for Cloud.
185 The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions.
186 Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud.
187 Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?
188 You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. Encrypt data at rest.
189 You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. Perform a system access audit.
190 You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. Make configuration changes in response to a security incident.
191 Conditional access policies can be applied to global administrators.
192 Conditional access policies are evaluated before a user is authenticated.
193 Conditional access policies can use a device platform, such as Android or iOS, as a signal.
194 Which two cards are available in the Microsoft 365 Defender portal?
195 Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?
196 Which compliance feature should you use to identify documents that are employee resumes?
197 What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?
198 You need to create a data loss prevention (DLP) policy. What should you use?
199 What is an assessment in Compliance Manager?
200 You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site. What should you apply to the site?
201 What can you use to view the Microsoft Secure Score for Devices?
202 Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Review and filter alerts.
203 Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Create cases in the Case dashboard.
204 Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Send a reminder of corporate policies to users.
205 Users can apply sensitivity labels manually.
206 Multiple sensitivity labels can be applied to the same file.
207 A sensitivity abel can apply a watermark to a Microsoft Word document.
208 You can use Advanced Audit in Micrdsoft 365 to view billing details.
209 You can use Advanced Auditin Microsoft 365 to view the contents of an email message.
210 You can use Advanced Auditin Microsoft 365 to view when a user sees the search bar in Outlook on the web to search for message in a mailbox.
211 What can you specify in Microsoft 365 sensitivity labels?

Conditional access policies always enforce the user of multi-factor authentication (MFA).

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies can be used to block access to an application based on the location of the user.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies only affect users who have Azure Active Directory (Azure AD)-joined devices.

  • Yes.
  • No.

⬆ Back to Top

[...] is used to identify, hold, and export electronic information that might be used in an investigation.

  • Customer Lockbox.
  • Data loss prevention (DLP).
  • eDiscovery.
  • Resource lock.

⬆ Back to Top

Microsoft Defender for Endpoint can protect Android devices.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Defender for Endpoint can protect Azure virtual machines that run Windows 10.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Defender for Endpoint can protect Microsoft SharePoint Online sites and content from viruses.

  • Yes.
  • No.

⬆ Back to Top

What feature in Microsoft Defender for Endpoint provides the first line of defense against cyberthreats by reducing the attack surface?

  • Automated remediation.
  • Automated investigation.
  • Advanced hunting.
  • Network protection.

⬆ Back to Top

Which score measures an organization’s progress in completing actions that help reduce risks associated to data protection and regulatory standards?

  • Microsoft Secure Score.
  • Productivity Score.
  • Secure score in Azure Security Center.
  • Compliance score.

⬆ Back to Top

You can add a resource lock to an Azure subscription.

  • Yes.
  • No.

⬆ Back to Top

You can add only one resource lock to an Azure resource.

  • Yes.
  • No.

⬆ Back to Top

You can delete a resource group containing resources that have resources locks.

  • Yes.
  • No.

⬆ Back to Top

Azure Defender can detect vulnerabilities and threats for Azure Storage.

  • Yes.
  • No.

⬆ Back to Top

Cloud Security Posture Management (CSPM) is available for all Azure subscriptions.

  • Yes.
  • No.

⬆ Back to Top

Azure Security Center can evaluate the security of workloads deployed to Azure or on-premises.

  • Yes.
  • No.

⬆ Back to Top

In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?

  • The management of mobile devices.
  • The permissions for the user data stored in Azure.
  • The creation and management of user accounts.
  • The management of the physical hardware.

⬆ Back to Top

Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization?

  • Sensitivity label policies.
  • Customer Lockbox.
  • Information Barriers.
  • Privileged Access Management (PAM).

⬆ Back to Top

You can use [...] in the Microsoft 365 security center to identify devices that are affected by an alert.

  • classifications.
  • incidents.
  • policies.
  • secure score.

⬆ Back to Top

When users sign in to the Azure portal, they are first [...].

  • assigned permissions.
  • authenticated.
  • authorized.
  • resolved.

⬆ Back to Top

You plan to implement a security strategy and place multiple layers of defense throughout a network infrastructure. Which security methodology does this represent?

  • Threat modeling.
  • Identity as the security perimeter.
  • Defense in depth.
  • The shared responsibility model.

⬆ Back to Top

Compliance Manager assesses compliance data [...] for an organization.

  • continually.
  • monthly.
  • on-demand.
  • quarterly.

⬆ Back to Top

What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities?

  • Attack simulator.
  • Reports.
  • Hunting.
  • Incidents.

⬆ Back to Top

Digitally signing a document requires a private key.

  • Yes.
  • No.

⬆ Back to Top

Verifying the authenticity of a digitally signed document requires the public key of the signer.

  • Yes.
  • No.

⬆ Back to Top

Verifying the authenticity of a digitally signed document requires the private key of the signer.

  • Yes.
  • No.

⬆ Back to Top

In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before the Ready phase?

  • Plan.
  • Manage.
  • Adopt.
  • Govern.
  • Define Strategy.

⬆ Back to Top

What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

  • Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
  • Azure Multi-Factor Authentication (MFA).
  • Azure Active Directory (Azure AD) Identity Protection.
  • conditional access policies.

⬆ Back to Top

Applying system updates increases an organization's secure score in Azure Security Center.

  • Yes.
  • No.

⬆ Back to Top

The secure score in Azure Security Center can evaluate resources across multiple Azure subscriptions.

  • Yes.
  • No.

⬆ Back to Top

Enabling multi-factor authentication (MFA) increases an organization's secure score in Azure Security Center.

  • Yes.
  • No.

⬆ Back to Top

[...] enables collaboration with business partners from external organizations such as suppliers, partners, and vendors. External users appear as guest in the directory.

  • Active Directory Domain Services (AD DS).
  • Active Directory forest trust.
  • Azure Active Directory (Azure AD) business-to-business (B2B).
  • Azure Active Directory business-to-consumer B2C (Azure AD B2C).

⬆ Back to Top

Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security?

  • Microsoft Service Trust Portal.
  • Compliance Manager.
  • Microsoft 365 Compliance Center.
  • Microsoft Support.

⬆ Back to Top

What can you use to scan email attachments and forward the attachments to recipients only if the attachments are free from malware?

  • Microsoft Defender for Office 365.
  • Microsoft Defender Antivirus.
  • Microsoft Defender for Identity.
  • Microsoft Defender for Endpoint.

⬆ Back to Top

What is the purpose of Azure Active Directory (Azure AD) Password Protection?

  • To control how often users must change their passwords.
  • To identify devices to which users can sign in without using multi-factor authentication (MFA).
  • To encrypt a password by using globally recognized encryption standards.
  • To prevent users from using specific words in their passwords.

⬆ Back to Top

Network security groups (NSGs) can deny inbound traffic from the internet.

  • Yes.
  • No.

⬆ Back to Top

Network security groups (NSGs) can deny outbound traffic to the internet.

  • Yes.
  • No.

⬆ Back to Top

Network security groups (NSGs) can filter traffic based on IP address, protocol, and port.

  • Yes.
  • No.

⬆ Back to Top

What is an example of encryption at rest?

  • Encrypting communications by using a site-to-site VPN.
  • Encrypting a virtual machine disk.
  • Accessing a website by using an encrypted HTTPS connection.
  • Sending an encrypted email.

⬆ Back to Top

Azure DDoS Protection Standard can be used to protect [...].

  • Azure Active Directory (Azure AD) applications.
  • Azure Active Directory (Azure AD) users.
  • resource groups.
  • virtual networks.

⬆ Back to Top

Which three authentication methods can be used by Azure Multi-Factor Authentication (MFA)?

  • Text message (SMS).
  • Microsoft Authenticator app.
  • Email verification.
  • Phone call.
  • Security question.

⬆ Back to Top

Which Microsoft 365 Compliance Center feature can you use to identify all the documents on a Microsoft SharePoint Online site that contain a specific key word?

  • Audit.
  • Compliance Manager.
  • Content Search.
  • Alerts.

⬆ Back to Top

You can use the insider risk management solution to detect phising scams.

  • Yes.
  • No.

⬆ Back to Top

You can access the insider risk management solution from the Microsoft 365 Compliance Center.

  • Yes.
  • No.

⬆ Back to Top

You can use the insider risk management solution to detect data leaks by unhappy employees.

  • Yes.
  • No.

⬆ Back to Top

What are two capabilities of Microsoft Defender for Endpoint?

  • Automated investigation and remediation.
  • Transport encryption.
  • Shadow IT detection.
  • Attack surface reduction.

⬆ Back to Top

Microsoft Intune can be used to manage Android devices.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Intune can be used to provision Azure subscriptions.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Intune can be used to manage organization-owned devices and personal devices.

  • Yes.
  • No.

⬆ Back to Top

Compliance Manager tracks only customer-managed controls.

  • Yes.
  • No.

⬆ Back to Top

Compliance Manager provides predefined templates for creating assessments.

  • Yes.
  • No.

⬆ Back to Top

Compliance Manager can help you asses whether data adheres to specific data protection standards.

  • Yes.
  • No.

⬆ Back to Top

Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365?

  • Display policy tips to users who are about to violate your organization’s policies.
  • Enable disk encryption on endpoints.
  • Protect documents in Microsoft OneDrive that contain sensitive information.
  • Apply security baselines to devices.

⬆ Back to Top

[...] requires additional verification, such as a verification code sent to a mobile phone.

  • Multi-factor authentication (MFA).
  • Pass-through authentication.
  • Password writeback.
  • Single sign-on (SSO).

⬆ Back to Top

With Advanced Audit in Microsoft 365, you can identify when email items were accessed.

  • Yes.
  • No.

⬆ Back to Top

Advenced Audit in Microsoft 365 supports the same retention period of audit logs as core auditing.

  • Yes.
  • No.

⬆ Back to Top

Advanced Audit in Microsoft 365 allocates customer-dedicated bandwidth for accessing audit data.

  • Yes.
  • No.

⬆ Back to Top

[...] provides a central location for managing information protection, information governance, and data loss prevention (DLP) policies.

  • Azure Defender.
  • Microsoft Purview compliance portal.
  • The Microsoft 365 security center.
  • Microsoft Endpoint Manager.

⬆ Back to Top

Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions?

  • Content Search.
  • Sensitivity labels.
  • Retention policies.
  • eDiscovery.

⬆ Back to Top

In Azure Sentinel, you can automate common tasks by using [...].

  • deep investigation tools.
  • hunting search-and-query tools.
  • playbooks.
  • workbooks.

⬆ Back to Top

All Azure active Directory (Azure AD) license editions include the same features.

  • Yes.
  • No.

⬆ Back to Top

You can manage an Azure Active Directory (Azure AD) tenant by using the Azure portal.

  • Yes.
  • No.

⬆ Back to Top

You must deploy Azure virtual machines to host an Azure Active Directory (Azure AD) tenant.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) is [...] used for authentication and authorization.

  • an extended detection and response (XDR) system.
  • an identity provider.
  • a management group.
  • a security information and event management (SIEM) system.

⬆ Back to Top

[...] can be used to provide Microsoft Support Engineers with access to an organization's data stored in Microsoft Exchange Online, SharePoint Online, and OneDrive for Business.

  • Customer Lockbox.
  • Information barriers.
  • Privileged Access Management (PAM).
  • Sensitivity labels.

⬆ Back to Top

What do you use to provide real-time integration between Azure Sentinel and another security source?

  • Azure AD Connect.
  • Log Analytics workspace.
  • Azure Information Protection.
  • Data connector.

⬆ Back to Top

You can create custom roles in Azure Active Directory (Azure AD).

  • Yes.
  • No.

⬆ Back to Top

Global administrator is a role in Azure Active Directory (Azure AD).

  • Yes.
  • No.

⬆ Back to Top

An Azure Active Directory (Azure AD) user can be assigned only one role.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) Identity Protection can add users to groups based on the users' risk level.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) Identity Protection can detect whether user credentials were leaked to the public.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) Identity Protection can be used to invoke Multi-Factor Authentication based on a user's risk level.

  • Yes.
  • No.

⬆ Back to Top

Which feature provides the extended detection and response (XDR) capability of Azure Sentinel?

  • Integration with the Microsoft 365 Compliance Center.
  • Support for threat hunting.
  • Integration with Microsoft 365 Defender.
  • Support for Azure Monitor Workbooks.

⬆ Back to Top

Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources?

  • Conditional access policies.
  • Azure AD Identity Protection.
  • Azure AD Privileged Identity Management (PIM).
  • Authentication method policies.

⬆ Back to Top

In software as a service (SaaS), applying service packs to applications is the responsibility of the organization.

  • Yes.
  • No.

⬆ Back to Top

In infrastructure as a service (IaaS), managing the physical network is the responsibility of the cloud provider.

  • Yes.
  • No.

⬆ Back to Top

In all Azure Cloud deployment types, managing the security of information and data is the responsibility of the organization.

  • Yes.
  • No.

⬆ Back to Top

Applications registered in Azure Active Directory (Azure AD) are associated automatically to a [...].

  • guest account.
  • managed identity.
  • service principal.
  • user account.

⬆ Back to Top

[...] is a cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution used to provide a single solution for alert detection, threat visibility, proactive hunting, and threat response.

  • Azure Advisor.
  • Azure Bastion.
  • Azure Monitor.
  • Azure Sentinel.

⬆ Back to Top

[...] a file makes the data in the file readable and usable to viewers that have the appropriate key.

  • Archiving.
  • Compressing.
  • Deduplicating.
  • Encrypting.

⬆ Back to Top

Sensitivity labels can be used to encrypt documents.

  • Yes.
  • No.

⬆ Back to Top

Sensitivity labels can add headers and footers to documents.

  • Yes.
  • No.

⬆ Back to Top

Sensitivity labels can apply watermarks to emails.

  • Yes.
  • No.

⬆ Back to Top

[...] is a cloud-based solution that leverages on-premises Active Directory signals to identify, detect, and investigate advanced threats.

  • Microsoft Cloud App Security.
  • Microsoft Defender for Endpoint.
  • Microsoft Defender for Identity.
  • Microsoft Defender for Office 365.

⬆ Back to Top

Azure Policy supports automatic remediation.

  • Yes.
  • No.

⬆ Back to Top

Azure Policy can be used to ensure that new resources adhere to corporate standards.

  • Yes.
  • No.

⬆ Back to Top

Compliance evaluation in Azure Policy occurs only when a target resource is created or modified.

  • Yes.
  • No.

⬆ Back to Top

Federation is used to establish [...] between organizations.

  • multi-factor authentication (MFA).
  • a trust relationship.
  • user account synchronization.
  • a VPN connection.

⬆ Back to Top

[...] provides Network Address Translation (NAT) services.

  • Azure Bastion.
  • Azure Firewall.
  • Network Security Group (NSG).

⬆ Back to Top

[...] provides secure and seamless Remote Desktop connectivity to Azure virtual machines.

  • Azure Bastion.
  • Azure Firewall.
  • Network Security Group (NSG).

⬆ Back to Top

[...] provides provides traffic filtering that can be applied to specific network interfaces on a virtual network.

  • Azure Bastion.
  • Azure Firewall.
  • Network Security Group (NSG).

⬆ Back to Top

Conditional access policies can use the device state as a signal.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies apply before first-factor authentication is complete.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies can trigger multi-factor authentication (MFA) if a user attempts to access a specific application.

  • Yes.
  • No.

⬆ Back to Top

Azure AD Identity Protection can add users to groups based on the users' risk level.

  • Yes.
  • No.

⬆ Back to Top

Azure AD Identity Protection can detect whether user credentials were leaked to the public.

  • Yes.
  • No.

⬆ Back to Top

Azure AD Identity Protection can be used to invoke Multi-Factor Authentication based on the users' risk level.

  • Yes.
  • No.

⬆ Back to Top

Security defaults require an Azure Active Directory (Azure AD) Premium license.

  • Yes.
  • No.

⬆ Back to Top

Security defaults can be enabled for a single Azure Active Directory (Azure AD) user.

  • Yes.
  • No.

⬆ Back to Top

When Security defaults are enabled, all administrators must use multi-factor authentication (MFA).

  • Yes.
  • No.

⬆ Back to Top

Control is a key privacy principle of Microsoft.

  • Yes.
  • No.

⬆ Back to Top

Transparency is a key principle of Microsoft.

  • Yes.
  • No.

⬆ Back to Top

Shared responsibility a key principle of Microsoft.

  • Yes.
  • No.

⬆ Back to Top

What should you use to ensure that the members of an Azure Active Directory group use multi-factor authentication (MFA) when they sign in?

  • Azure Active Directory (Azure AD) Identity Protection.
  • A conditional access policy.
  • Azure role-based access control (Azure RBAC).
  • Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

⬆ Back to Top

Microsoft Defender for Cloud can detect vulnerabilities and threats for Azure Storage.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Defender for Cloud can evaluate the security of workloads deployed to Azure or on-premises.

  • Yes.
  • No.

⬆ Back to Top

[...] provides benchmark recommendations and guidance for protecting Azure services.

  • Azure Application Insights.
  • Azure Network Watcher.
  • Log Analytics workspaces.
  • Security baselines for Azure.

⬆ Back to Top

Which two Azure resources can a network security group (NSG) be associated with?

  • Network interface.
  • Azure App Service web app.
  • Virtual network.
  • Virtual network subnet.
  • Resource group.

⬆ Back to Top

Azure AD Connect can be used to implement hybrid identity.

  • Yes.
  • No.

⬆ Back to Top

Hybrid identity requires the implementation of two Microsoft 365 tenants.

  • Yes.
  • No.

⬆ Back to Top

Hybrid identity refers to the synchronization of Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD).

  • Yes.
  • No.

⬆ Back to Top

Match the types of compliance score actions to the appropriate tasks. [...] Use encryption to protect data at rest.

  • Corrective.
  • Detective.
  • Preventative.

⬆ Back to Top

Match the types of compliance score actions to the appropriate tasks. [...] Actively monitor systems to identify irregularities that might represent risks.

  • Corrective.
  • Detective.
  • Preventative.

⬆ Back to Top

You can use the insider risk management solution to detect phishing scams.

  • Yes.
  • No.

⬆ Back to Top

To which type of resource can Azure Bastion provide secure access?

  • Azure Files.
  • Azure SQL Managed Instances.
  • Azure virtual machines.
  • Azure App Service.

⬆ Back to Top

Conditional access policies always enforce the use of multi-factor authentication (MFA).

  • Yes.
  • No.

⬆ Back to Top

What can you protect by using the information protection solution in the Microsoft 365 Compliance Center?

  • Computers from zero-day exploits.
  • Users from phishing attempts.
  • Files from malware and viruses.
  • Sensitive data from being exposed to unauthorized users.

⬆ Back to Top

Microsoft Sentinel [...] use Azure Logic Apps to automate and orchestrate responses to alerts.

  • analytic rules.
  • hunting queries.
  • playbooks.
  • workbooks.

⬆ Back to Top

What are three uses of Microsoft Cloud App Security?

  • Discover and control the use of shadow IT.
  • Provide secure connections to Azure virtual machines.
  • Protect sensitive information hosted anywhere in the cloud.
  • Provide pass-through authentication to on-premises applications.
  • Prevent data leaks to noncompliant apps and limit access to regulated data.

⬆ Back to Top

Azure Active Directory (Azure AD) is deployed to an on premises environment.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) is provided as part of a Microsoft 365 subscription.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) is an identity and access management service.

  • Yes.
  • No.

⬆ Back to Top

Which service should you use to view your Azure secure score?

  • Alerts.
  • Application Insights.
  • Policy.
  • Azure AD Connect Health.
  • Security Center (Microsoft Defender for Cloud).
  • Security Center.
  • Advisor.
  • Monitor.

⬆ Back to Top

Which two types of resources can be protected by using Azure Firewall?

  • Azure virtual machines.
  • Azure Active Directory (Azure AD) users.
  • Microsoft Exchange Online inboxes.
  • Azure virtual networks.
  • Microsoft SharePoint Online sites.

⬆ Back to Top

What can you use to provide threat detection for Azure SQL Managed Instance?

  • Microsoft Secure Score.
  • Application security groups.
  • Microsoft Defender for Cloud.
  • Azure Defender.
  • Azure Bastion.

⬆ Back to Top

[...] can use conditional access policies to control sessions in real time.

  • Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
  • Microsoft Defender for Cloud.
  • Microsoft Sentinel.
  • Microsoft Defender for Cloud Apps.

⬆ Back to Top

Compliance Manager can be directly accessed from the [...].

  • Microsoft 365 admin center.
  • Microsoft 365 Defender portal.
  • Microsoft 365 Purview.

⬆ Back to Top

Compliance Manager can be directly accessed from the [...].

  • Microsoft 365 admin center.
  • Microsoft 365 Defender portal.
  • Microsoft 365 Compliance Center.
  • Microsoft Support portal.

⬆ Back to Top

In a Core eDiscovery workflow, what should you do before you can search for content?

  • Create an eDiscovery hold.
  • Run Express Analysis.
  • Configure attorney-client privilege detection.
  • Export and download results.

⬆ Back to Top

Microsoft Secure Score in the Microsoft 365 security center can provide o recommendations for Microsoft Cloud App Security.

  • Yes.
  • No.

⬆ Back to Top

From the Microsoft 365 security center, you can view how your Microsoft Secure Score compares to the score of organizations like yours.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Secure Score in the Microsoft 365 security center gives you points if you address the improvement action by using a third-party application or software.

  • Yes.
  • No.

⬆ Back to Top

Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers?

  • Retention policies.
  • Data loss prevention (DLP) policies.
  • Conditional access policies.
  • Information barriers.

⬆ Back to Top

Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

  • Access reviews.
  • Managed identities.
  • Conditional access policies.
  • Azure AD Identity Protection.

⬆ Back to Top

Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for Standardization (ISO)?

  • Microsoft Endpoint Manager admin center.
  • Azure Cost Management + Billing.
  • Microsoft Service Trust Portal.
  • Azure Active Directory admin center.

⬆ Back to Top

What can you use to provision Azure resources across multiple subscriptions in a consistent manner?

  • Microsoft Defender for Cloud.
  • Azure Blueprints.
  • Microsoft Sentinel.
  • Azure Policy.

⬆ Back to Top

When you enable security defaults in Azure Active Directory (Azure AD), [...] will be enabled for all Azure AD users.

  • Azure AD Identity Protection.
  • Azure AD Privileged Identity Management (PIM).
  • Multi-factor authentication (MFA).

⬆ Back to Top

[...] provides best practices from Microsoft employees, partners, and customers, including tools and guidance to assist in an Azure deployment.

  • Azure Blueprints.
  • Azure Policy.
  • The Microsoft Cloud Adoption Framework for Azure.
  • A resource lock.

⬆ Back to Top

You can manage Microsoft Intune by using the

  • Azure Active Directory admin center.
  • Microsoft 365 Compliance Center.
  • Microsoft 365 Defender portal.
  • Microsoft Endpoint Manager admin center.

⬆ Back to Top

Verify explicitly is one of the guiding principles of Zero Trust.

  • Yes.
  • No.

⬆ Back to Top

Assume breach is one of the guiding principles of Zero Trust.

  • Yes.
  • No.

⬆ Back to Top

The Zero Trust security model assumes that a firewall secures the internal network from external threats.

  • Yes.
  • No.

⬆ Back to Top

[...] is the process of identifying whether a signed-in user can access a specific resource.

  • Authentication.
  • Authorization.
  • Federation.
  • Single sign-on (SSO).

⬆ Back to Top

Which three statements accurately describe the guiding principles of Zero Trust?

  • Define the perimeter by physical locations.
  • Use identity as the primary security boundary.
  • Always verify the permissions of a user explicitly.
  • Always assume that the user system can be breached.
  • Use the network as the primary security boundary.

⬆ Back to Top

A higher Microsoft Secure Score means a lower identified risk level in the Microsoft 365 tenant.

  • Yes.
  • No.

⬆ Back to Top

Microsoft Secure Score measures progress in completing actions based on controls that include key regulations and standards for data protection and governance.

  • Yes.
  • No.

⬆ Back to Top

In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)?

  • Active Directory Federation Services (AD FS).
  • Microsoft Sentinel.
  • Azure AD Connect.
  • Azure AD Privileged Identity Management (PIM).

⬆ Back to Top

With Windows Hello for Business, a user's biometric data used for authentication

  • is stored on an external device.
  • is stored on a local device only.
  • is stored in Azure Active Directory (Azure AD).
  • is replicated to all the devices designated by the user.

⬆ Back to Top

Microsoft Defender for Identity can identify advanced threats from [...] signals.

  • Azure Active Directory (Azure AD).
  • Azure AD Connect.
  • on-premises Active Directory Domain Services (AD DS).

⬆ Back to Top

Which three authentication methods does Windows Hello for Business support?

  • Fingerprint.
  • Facial recognition.
  • PIN.
  • Email verification.
  • security question.

⬆ Back to Top

You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use?

  • Windows Hello for Business.
  • Azure Active Directory (Azure AD) Identity Protection.
  • Access reviews in Azure Active Directory (Azure AD).
  • Azure Active Directory (Azure AD) Privileged Identity Management (PIM).

⬆ Back to Top

Global administrators are exempt from conditional access policies.

  • Yes.
  • No.

⬆ Back to Top

A conditional access policy can add users to Azure Active Directory (Azure AD) roles.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies can force the use of multi-factor authentication (MFA) to access cloud apps.

  • Yes.
  • No.

⬆ Back to Top

When security defaults are enabled for an Azure Active Directory (Azure AD) tenant, which two requirements are enforced?

  • All users must authenticate from a registered device.
  • Administrators must always use Azure Multi-Factor Authentication (MFA).
  • Azure Multi-Factor Authentication (MFA) registration is required for all users.
  • All users must authenticate by using passwordless sign-in.
  • All users must authenticate by using Windows Hello.

⬆ Back to Top

Which type of identity is created when you register an application with Active Directory (Azure AD)?

  • User account.
  • User-assigned managed identity.
  • System-assigned managed identity.
  • Service principal.

⬆ Back to Top

Which three tasks can be performed by using Azure Active Directory (Azure AD) Identity Protection?

  • Configure external access for partner organizations.
  • Export risk detection to third-party utilities.
  • Automate the detection and remediation of identity based-risks.
  • Investigate risks that relate to user authentication.
  • Create and automatically assign sensitivity labels to data.

⬆ Back to Top

When using multi-factor authentication (MFA), a password is considered something you [...].

  • are.
  • have.
  • know.
  • share.

⬆ Back to Top

Windows Hello for Business can use the Microsoft Authenticator app as an authentication method.

  • Yes.
  • No.

⬆ Back to Top

Windows Hello for Business can use a PIN code as an authentication method.

  • Yes.
  • No.

⬆ Back to Top

Windows Hello for Business authentication information syncs across all the devices registered by a user.

  • Yes.
  • No.

⬆ Back to Top

An Azure resource can use a system-assigned [...] to access Azure services.

  • Azure Active Directory (Azure AD) joined device.
  • managed identity.
  • service principal.
  • user identity.

⬆ Back to Top

You can use [...] in the Microsoft 365 security center to view an aggregation of alerts that relate to the same attack.

  • Reports.
  • Hunting.
  • Attack simulator.
  • Incidents.

⬆ Back to Top

You can create one Azure Bastion per virtual network.

  • Yes.
  • No.

⬆ Back to Top

Azure Bastion provides secure user connections by using RDP.

  • Yes.
  • No.

⬆ Back to Top

In Microsoft Sentinel, you can automate common tasks by using [...]

  • deep investigation tools.
  • hunting search-and-query tools.
  • playbooks.
  • workbooks.

⬆ Back to Top

Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources?

  • Network security groups (NSGs).
  • Azure AD Privileged Identity Management (PIM).
  • Conditional access policies.
  • Resource locks.

⬆ Back to Top

What should you use in the Microsoft 365 Defender portal to view security trends and track the protection status of identities?

  • Attack simulator.
  • Reports.
  • Hunting.
  • Incidents.

⬆ Back to Top

You have a Microsoft 365 E3 subscription. You plan to audit user activity by using the unified audit log and Basic Audit. For how long will the audit records be retained?

  • 15 days.
  • 30 days.
  • 90 days.
  • 180 days.

⬆ Back to Top

In the Microsoft 365 Defender portal, an incident is a collection of correlated [...].

  • alerts.
  • events.
  • vulnerabilities.
  • Microsoft Secure Score improvement actions.

⬆ Back to Top

You need to connect to an Azure virtual machine by using Azure Bastion. What should you use?

  • PowerShell remoting.
  • Azure portal.
  • Remote Desktop Connection client.
  • SSH client.

⬆ Back to Top

Which service includes the Attack simulation training feature?

  • Microsoft Defender for Cloud Apps.
  • Microsoft Defender for Identity.
  • Microsoft Defender for SQL.
  • Microsoft Defender for Office 365.

⬆ Back to Top

Which type of alert can you manage from the Microsoft 365 Defender portal?

  • Microsoft Defender for Storage.
  • Microsoft Defender for SQL.
  • Microsoft Defender for Endpoint.
  • Microsoft Defender for IoT.

⬆ Back to Top

Microsoft Sentinel data connectors support only Microsoft services.

  • Yes.
  • No.

⬆ Back to Top

You can use Azure Monitor workbooks to monitor data collected by Microsoft Sentinel.

  • Yes.
  • No.

⬆ Back to Top

Hunting provides you with the ability to identify security threats before an alert is triggered.

  • Yes.
  • No.

⬆ Back to Top

What is a use case for implementing information barrier policies in Microsoft 365?

  • Restrict unauthenticated access to Microsoft 365.
  • Restrict Microsoft Teams chats between certain groups within an organization.
  • Restrict Microsoft Exchange Online email between certain groups within an organization.
  • Restrict data sharing to external email recipients.

⬆ Back to Top

What can you use to deploy Azure resources across multiple subscriptions in a consistent manner?

  • Microsoft Defender for Cloud.
  • Azure Blueprints.
  • Microsoft Sentinel.
  • Azure Policy.

⬆ Back to Top

Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, your storage, and more

  • Yes.
  • No.

⬆ Back to Top

Cloud security posture management (CSPM) is available for free to all Azure users.

  • Yes.
  • No.

⬆ Back to Top

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.

  • Yes.
  • No.

⬆ Back to Top

Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service.

  • Yes.
  • No.

⬆ Back to Top

Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription.

  • Yes.
  • No.

⬆ Back to Top

Azure Bastion provides a secure connection to an Azure virtual machine by using the Azure portal.

  • Yes.
  • No.

⬆ Back to Top

Applying system updates increases an organization's secure score in Microsoft Defender for Cloud.

  • Yes.
  • No.

⬆ Back to Top

The secure score in Microsoft Defender for Cloud can evaluate resources across multiple Azure subscriptions.

  • Yes.
  • No.

⬆ Back to Top

Enabling multi-factor authentication (MFA) increases an organization's secure score in Microsoft Defender for Cloud.

  • Yes.
  • No.

⬆ Back to Top

Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards?

  • Microsoft Secure Score.
  • AProductivity Score.
  • Secure score in Azure Security Center.
  • Compliance score.

⬆ Back to Top

You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. [...] Encrypt data at rest.

  • Corrective.
  • Detective.
  • Preventative.

⬆ Back to Top

You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. [...] Perform a system access audit.

  • Corrective.
  • Detective.
  • Preventative.

⬆ Back to Top

You are evaluating the compliance score in Compliance Manager. Match the compliance score action subcategories to the appropriate actions. [...] Make configuration changes in response to a security incident.

  • Corrective.
  • Detective.
  • Preventative.

⬆ Back to Top

Conditional access policies can be applied to global administrators.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies are evaluated before a user is authenticated.

  • Yes.
  • No.

⬆ Back to Top

Conditional access policies can use a device platform, such as Android or iOS, as a signal.

  • Yes.
  • No.

⬆ Back to Top

Which two cards are available in the Microsoft 365 Defender portal?

  • Users at risk.
  • Compliance Score.
  • Devices at risk.
  • Service Health.
  • User Management.

⬆ Back to Top

Microsoft 365 Endpoint data loss prevention (Endpoint DLP) can be used on which operating systems?

  • Windows 10 and iOS only.
  • Windows 10 and Android only.
  • Windows 10, Android, and iOS.
  • Windows 10 only.

⬆ Back to Top

Which compliance feature should you use to identify documents that are employee resumes?

  • Pre-trained classifiers.
  • Content explorer.
  • Activity explorer.
  • eDiscovery.

⬆ Back to Top

What are customers responsible for when evaluating security in a software as a service (SaaS) cloud services model?

  • Applications.
  • Network controls.
  • Operating systems.
  • Accounts and identities.

⬆ Back to Top

You need to create a data loss prevention (DLP) policy. What should you use?

  • Microsoft 365 admin center.
  • Microsoft Endpoint Manager admin center.
  • Microsoft 365 Defender portal.
  • Microsoft 365 Compliance center.

⬆ Back to Top

What is an assessment in Compliance Manager?

  • Grouping of controls from a specific regulation, standard or policy.
  • Recommended guidance to help organizations align with their corporate standards.
  • Dictionary of words that are not allowed in company documents.
  • Policy initiative that includes multiple policies.

⬆ Back to Top

You need to keep a copy of all files in a Microsoft SharePoint site for one year, even if users delete the files from the site. What should you apply to the site?

  • Data loss prevention (DLP) policy.
  • Retention policy.
  • Insider risk policy.
  • Sensitivity label policy.

⬆ Back to Top

What can you use to view the Microsoft Secure Score for Devices?

  • Microsoft Defender for Cloud Apps.
  • Microsoft Defender for Endpoint.
  • Microsoft Defender for Identity.
  • Microsoft Defender for Office 365.

⬆ Back to Top

Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Review and filter alerts.

  • Triage.
  • Investigate.
  • Action.

⬆ Back to Top

Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Create cases in the Case dashboard.

  • Triage.
  • Investigate.
  • Action.

⬆ Back to Top

Match the Microsoft 365 insider risk management workflow step to the appropriate task. [...] Send a reminder of corporate policies to users.

  • Triage.
  • Investigate.
  • Action.

⬆ Back to Top

Users can apply sensitivity labels manually.

  • Yes.
  • No.

⬆ Back to Top

Multiple sensitivity labels can be applied to the same file.

  • Yes.
  • No.

⬆ Back to Top

A sensitivity abel can apply a watermark to a Microsoft Word document.

  • Yes.
  • No.

⬆ Back to Top

You can use Advanced Audit in Micrdsoft 365 to view billing details.

  • Yes.
  • No.

⬆ Back to Top

You can use Advanced Auditin Microsoft 365 to view the contents of an email message.

  • Yes.
  • No.

⬆ Back to Top

You can use Advanced Auditin Microsoft 365 to view when a user sees the search bar in Outlook on the web to search for message in a mailbox.

  • Yes.
  • No.

⬆ Back to Top

What can you specify in Microsoft 365 sensitivity labels?

  • How long files must be preserved.
  • When to archive an email message.
  • Which watermark to add to files.
  • Where to store files.

⬆ Back to Top